[Cluster-devel] [PATCH] gfs2: remove unnecessary permission checks

cluster-devel.redhat.com archive mirror
 help / color / mirror / Atom feed

* [Cluster-devel] [PATCH] gfs2: remove unnecessary permission checks
@ 2007-11-21 17:54 Ryan O'Hara
  2007-11-26 15:17 ` Steven Whitehouse
  0 siblings, 1 reply; 4+ messages in thread
From: Ryan O'Hara @ 2007-11-21 17:54 UTC (permalink / raw)
  To: cluster-devel.redhat.com

Remove read/write permission() checks from xattr operations.
VFS layer is already handling permission for xattrs via the
xattr_permission() call, so there is no need for gfs2 to
check permissions. Futhermore, using permission() for SELinux
xattrs ops is incorrect.
---
 fs/gfs2/eaops.c |   30 ------------------------------
 1 files changed, 0 insertions(+), 30 deletions(-)

diff --git a/fs/gfs2/eaops.c b/fs/gfs2/eaops.c
index aa8dbf3..ef91b6e 100644
--- a/fs/gfs2/eaops.c
+++ b/fs/gfs2/eaops.c
@@ -59,9 +59,6 @@ unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name)
 static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 {
 	struct inode *inode = &ip->i_inode;
-	int error = permission(inode, MAY_READ, NULL);
-	if (error)
-		return error;
 
 	return gfs2_ea_get_i(ip, er);
 }
@@ -70,14 +67,6 @@ static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 {
 	struct inode *inode = &ip->i_inode;
 
-	if (S_ISREG(inode->i_mode) ||
-	    (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
-		int error = permission(inode, MAY_WRITE, NULL);
-		if (error)
-			return error;
-	} else
-		return -EPERM;
-
 	return gfs2_ea_set_i(ip, er);
 }
 
@@ -85,14 +74,6 @@ static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 {
 	struct inode *inode = &ip->i_inode;
 
-	if (S_ISREG(inode->i_mode) ||
-	    (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
-		int error = permission(inode, MAY_WRITE, NULL);
-		if (error)
-			return error;
-	} else
-		return -EPERM;
-
 	return gfs2_ea_remove_i(ip, er);
 }
 
@@ -108,8 +89,6 @@ static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 	     GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)))
 		return -EOPNOTSUPP;
 
-
-
 	return gfs2_ea_get_i(ip, er);
 }
 
@@ -173,9 +152,6 @@ static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 {
 	struct inode *inode = &ip->i_inode;
-	int error = permission(inode, MAY_READ, NULL);
-	if (error)
-		return error;
 
 	return gfs2_ea_get_i(ip, er);
 }
@@ -183,9 +159,6 @@ static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 {
 	struct inode *inode = &ip->i_inode;
-	int error = permission(inode, MAY_WRITE, NULL);
-	if (error)
-		return error;
 
 	return gfs2_ea_set_i(ip, er);
 }
@@ -193,9 +166,6 @@ static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 {
 	struct inode *inode = &ip->i_inode;
-	int error = permission(inode, MAY_WRITE, NULL);
-	if (error)
-		return error;
 
 	return gfs2_ea_remove_i(ip, er);
 }
-- 
1.5.0.6



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Cluster-devel] [PATCH] gfs2: remove unnecessary permission checks
  2007-11-21 17:54 [Cluster-devel] [PATCH] gfs2: remove unnecessary permission checks Ryan O'Hara
@ 2007-11-26 15:17 ` Steven Whitehouse
  2007-11-27  5:16   ` [Cluster-devel] " Fabio Massimo Di Nitto
  0 siblings, 1 reply; 4+ messages in thread
From: Steven Whitehouse @ 2007-11-26 15:17 UTC (permalink / raw)
  To: cluster-devel.redhat.com

Hi,

Now in the -nmw git tree. Thanks,

Steve.

On Wed, 2007-11-21 at 11:54 -0600, Ryan O'Hara wrote:
> Remove read/write permission() checks from xattr operations.
> VFS layer is already handling permission for xattrs via the
> xattr_permission() call, so there is no need for gfs2 to
> check permissions. Futhermore, using permission() for SELinux
> xattrs ops is incorrect.
> ---
>  fs/gfs2/eaops.c |   30 ------------------------------
>  1 files changed, 0 insertions(+), 30 deletions(-)
> 
> diff --git a/fs/gfs2/eaops.c b/fs/gfs2/eaops.c
> index aa8dbf3..ef91b6e 100644
> --- a/fs/gfs2/eaops.c
> +++ b/fs/gfs2/eaops.c
> @@ -59,9 +59,6 @@ unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name)
>  static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  {
>  	struct inode *inode = &ip->i_inode;
> -	int error = permission(inode, MAY_READ, NULL);
> -	if (error)
> -		return error;
>  
>  	return gfs2_ea_get_i(ip, er);
>  }
> @@ -70,14 +67,6 @@ static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  {
>  	struct inode *inode = &ip->i_inode;
>  
> -	if (S_ISREG(inode->i_mode) ||
> -	    (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
> -		int error = permission(inode, MAY_WRITE, NULL);
> -		if (error)
> -			return error;
> -	} else
> -		return -EPERM;
> -
>  	return gfs2_ea_set_i(ip, er);
>  }
>  
> @@ -85,14 +74,6 @@ static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  {
>  	struct inode *inode = &ip->i_inode;
>  
> -	if (S_ISREG(inode->i_mode) ||
> -	    (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
> -		int error = permission(inode, MAY_WRITE, NULL);
> -		if (error)
> -			return error;
> -	} else
> -		return -EPERM;
> -
>  	return gfs2_ea_remove_i(ip, er);
>  }
>  
> @@ -108,8 +89,6 @@ static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  	     GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)))
>  		return -EOPNOTSUPP;
>  
> -
> -
>  	return gfs2_ea_get_i(ip, er);
>  }
>  
> @@ -173,9 +152,6 @@ static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  {
>  	struct inode *inode = &ip->i_inode;
> -	int error = permission(inode, MAY_READ, NULL);
> -	if (error)
> -		return error;
>  
>  	return gfs2_ea_get_i(ip, er);
>  }
> @@ -183,9 +159,6 @@ static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  {
>  	struct inode *inode = &ip->i_inode;
> -	int error = permission(inode, MAY_WRITE, NULL);
> -	if (error)
> -		return error;
>  
>  	return gfs2_ea_set_i(ip, er);
>  }
> @@ -193,9 +166,6 @@ static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
>  {
>  	struct inode *inode = &ip->i_inode;
> -	int error = permission(inode, MAY_WRITE, NULL);
> -	if (error)
> -		return error;
>  
>  	return gfs2_ea_remove_i(ip, er);
>  }



^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Cluster-devel] Re: [PATCH] gfs2: remove unnecessary permission checks
  2007-11-26 15:17 ` Steven Whitehouse
@ 2007-11-27  5:16   ` Fabio Massimo Di Nitto
  2007-11-27 11:10     ` Steven Whitehouse
  0 siblings, 1 reply; 4+ messages in thread
From: Fabio Massimo Di Nitto @ 2007-11-27  5:16 UTC (permalink / raw)
  To: cluster-devel.redhat.com

Hi Steven,

Steven Whitehouse wrote:
> Hi,
> 
> Now in the -nmw git tree. Thanks,
> 
> Steve.
> 
> On Wed, 2007-11-21 at 11:54 -0600, Ryan O'Hara wrote:

this patch introduces a bunch of build warnings by leaving around

struct inode *inode = &ip->i_inode;

The patch in attachment cleans them up. Please apply.

Thanks
Fabio

-- 
I'm going to make him an offer he can't refuse.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eaops_build_warning.diff
Type: application/pgp-encrypted
Size: 1278 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/cluster-devel/attachments/20071127/fcf8d0f9/attachment.pgp>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Cluster-devel] Re: [PATCH] gfs2: remove unnecessary permission checks
  2007-11-27  5:16   ` [Cluster-devel] " Fabio Massimo Di Nitto
@ 2007-11-27 11:10     ` Steven Whitehouse
  0 siblings, 0 replies; 4+ messages in thread
From: Steven Whitehouse @ 2007-11-27 11:10 UTC (permalink / raw)
  To: cluster-devel.redhat.com

Hi,

Now applied to the -nmw git tree. Thanks,

Steve.

On Tue, 2007-11-27 at 06:16 +0100, Fabio Massimo Di Nitto wrote:
> Hi Steven,
> 
> Steven Whitehouse wrote:
> > Hi,
> > 
> > Now in the -nmw git tree. Thanks,
> > 
> > Steve.
> > 
> > On Wed, 2007-11-21 at 11:54 -0600, Ryan O'Hara wrote:
> 
> this patch introduces a bunch of build warnings by leaving around
> 
> struct inode *inode = &ip->i_inode;
> 
> The patch in attachment cleans them up. Please apply.
> 
> Thanks
> Fabio
> 



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-11-27 11:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-21 17:54 [Cluster-devel] [PATCH] gfs2: remove unnecessary permission checks Ryan O'Hara
2007-11-26 15:17 ` Steven Whitehouse
2007-11-27  5:16   ` [Cluster-devel] " Fabio Massimo Di Nitto
2007-11-27 11:10     ` Steven Whitehouse

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).